Privacy Principles for Surveillance in the Digital Age

- 2013-07-31 -

CIPPIC has joined over 120 civil society groups from around the world in endorsing a set of principles (FR) geared towards re-asserting what it means to protect privacy and associated human rights in light of increasing state surveillance capacities. Over the past several years, several gaps and cracks have developed in constitutional privacy frameworks around the world, which have simply not kept up with technological advances. Slipping through these cracks, government monitoring has grown to exponential proportions, as highlighted most recently and dramatically by a string of revelations regarding the unchecked surveillance programs operated by several foreign intelligence agencies in Canada and around the world. Over the past year, CIPPIC has worked with a number of civil society groups including the Electronic Frontier Foundation, Privacy International and Access to develop these principles as a means of addressing several of these shortcomings.

As detailed below, the Principles collectively call for:

Transparency in Surveillance. The basis and interpretation of surveillance powers must be on the public record, and rigorous reporting and individual notification obligations are required;

Technical Neutrality. It is no longer acceptable to rely on artificial technical distinctions such as 'content' or 'non-content' as a basis for harvesting mass amounts of personal information;

Proportionality & Due Process. It is time to re-assert what has historically been the primary vehicle for preventing electronic surveillance from getting out of hand: prior authorization by an independent judicial entity based on a determination that the surveillance is highly likely to provide evidence that will address a serious harm;

It is time to turn back the surveillance tide. If your organization is interested in endorsing these principles or in learning more, please email: rights@eff.org.

Transparency in Surveillance: Privacy-invasive activities must be based on publicly described powers that are clear and detailed enough so that individuals can foresee the conditions under which privacy invasion will occur; individuals must be notified as soon as possible once their privacy has been invaded; aggregate and detailed public reporting on all state surveillance activities is a must. This will prevent scenarios where state agencies are able to benefit from one-sided and secret interpretations of legal ambiguities as a means of expanding the reach of their surveillance powers and effectively insulating them from adversarial challenge. In addition, the principles envision "sufficient and significant" protection for whistleblowers -- an important mechanism for ensuring transparency in surveillance -- as well as civil and criminal penalties that provide enough sting to ensure illegal surveillance does not occur.

Technical Neutrality: Individuals cannot be robbed of their right to live free of state scrutiny on the basis of arbitrary definitions based on technical delivery mechanisms inherent in digital networks, such as whether the information is under the control of a third party (as almost all online data is); whether the 'content' of communications is sought or not (as the metadata that surrounds this 'content' in Internet transactions can be equally or more revealing of people's lives); whether the information is artificially categorized as 'subscriber information' (as identifying the computer behind an IP address is the key to vast amounts of otherwise anonymous online activity); or whether a particular item of information, analyzed in isolation, is not revealing, but has the capacity to reveal highly private information if collected systematically or pervasively, or if connected with other readily available information (an IP address, for example, may not reveal much in isolation but if left completely unprotected, indiscriminate collection and retention of all IP addresses can transform the Internet into a tool of mass surveillance).

Proportionality and Due Process: Given the invasive nature of electronic surveillance, it should not be frivolously undertaken for trivial means and should always be narrowly tailored. As Justice La Forest noted in R. v. Duarte: "one can scarcely imagine a state activity more dangerous to individual privacy than electronic surveillance." Therefore, in an investigative context, electronic surveillance can only occur subject to an independent, objective and competent authority determination that the invasion is highly likely to reveal evidence of a serious offence; where this determination occurs before privacy is invaded, except in instances of immediate emergency (as retroactive authorization has been greatly abused in the past); and that no more information should be accessed than is strictly necessary for the specific purpose for which the invasion was authorized (given that data is now highly centralized, a tailored invasion for a specific purpose can easily become an expedition, as vast amounts of data are swept into plain sight once access has been granted).

Formalize Trans-Border Access: Domestic data storage is rapidly becoming a thing of the past, and states are discovering new and creative ways to access data on computers stored around the world. This means, however, that data is often under the control of third parties in foreign countries and can generally be accessed under foreign laws. The Principles seek to address this issue by ensuring that trans-border access to data occurs through frameworks formalized in state-to-state agreements; that, where more than one law may facilitate access to data, the higher level of protection will be applied and trans-border access will not be used as a means of circumventing domestic protections; that voluntary cooperation by private parties will no longer occur and states will not be able to rely on the voluntary cooperation of private parties as a means of bypassing domestic protections, subject to criminal sanctions for those who permit or carry out illegitimate access; and by ensuring that the protections offered by these principles are applied to all individuals, whether they are based domestically or not (any access to the information of any individual can only occur in a manner consistent with their specific requirements of the Principles).

Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.

Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to users’ rights and to other competing interests.

Due process: States must respect and guarantee individuals' human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.

User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation.

Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information.

Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.